Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


2. Phorum Reply Email Address Script Injection Vulnerability
BugTraq ID: 4739
Remote: Yes
Date Published: May 13 2002 12:00A
Relevant URL:http://www.securityfocus.com/bid/4739
Summary: Phorum is a PHP based web forums package.
A script injection issue has been reported in Phorum.
Attackers may potentially exploit this issue to hijack web content or to
steal cookie-based authentication credentials. It may be possible to take
arbitrary actions as the victim user, including posting or deleting
content.

4. Opera Frame Location Same Origin Policy Circumvention Vulnerability
BugTraq ID: 4745
Remote: Yes
Date Published: May 15 2002 12:00A
Relevant URL:http://www.securityfocus.com/bid/4745
Summary: Opera is a web browser product created by Opera Software,
and is available for a range of operating systems including Windows and Linux.
A vulnerability has been reported in some versions of the Opera Browser.

Exploitation of this vulnerability results in arbitrary Javascript code
executing within an arbitrary context. The consequences can be severe. It
may be possible to access cookie data, including authentication
credentials, or to take actions as an authenticated user.

5. SonicWall SOHO3 Content Blocking Script Injection Vulnerability
BugTraq ID: 4755
Remote: No
Date Published: May 17 2002 12:00A
Relevant URL:http://www.securityfocus.com/bid/4755
Summary: The Sonicwall SOHO3 is an Internet security appliance that provides
firewall security solutions.
Reportedly, a vulnerability exists in the product that allows for a script
injection attack to be launched from a malicious user within the internal
LAN. The vulnerability has been reported in Sonicwall SOHO3 firmware
revision 6.3.0.0 and ROM version 5.0.1.0.

A malicious user may be able to inject script code
as part of a URL of a blocked domain. Attempts to access blocked domains
will be entered into the log files of Sonicwall. An administrator viewing
the log files will automatically cause the malicious script code to execute.

NOCC webmail displays all email, including text only email, as HTML. NOCC
does not make any attempt to escape potentially harmful data in email
messages. As a result, a malicious user may be able to craft an email
containing script code and then send it to any NOCC webmail user.
This attack may result in the adversary gaining access to the victim's mailbox.

9. GNU SharUtils UUDecode Symbolic Link Attack Vulnerability
BugTraq ID: 4742
Remote: No
Date Published: May 14 2002 12:00A
Relevant URL:http://www.securityfocus.com/bid/4742
Summary: Sharutils is a freely available, open source suite of tools maintained by
GNU.
A problem with sharutils may make it possible to exploit symbolic link
attacks. The problem is in the uudecode program.

In the event of the temporary file being a symbolic link, the file at the end of the symbolic
link would be overwritten. This could result in a corruption or loss of
data.
This problem makes it possible to exploit a symbolic link attack, and
potentially overwrite files. It could additionally lead to elevated
privileges.

10. SuSE AAA_Base_Clean_Core Script RM Race Condition Vulnerability
BugTraq ID: 4758
Remote: No
Date Published: May 16 2002 12:00A
Relevant URL:http://www.securityfocus.com/bid/4758
Summary: SuSE Linux is a freely available, open source operating system. It is
maintained by SuSE.
A problem in the operating system could result in a denial of service.
The problem is in the creation of temporary directories.

This problem could make it possible for a local user to deny service to
legitimate users of the system. This vulnerability is based on the problem
described in Bugtraq ID 4266, though the problem in this case is insecure
creation of a temporary directory by the aaa_base_clean_core script.

12. tinyproxy HTTP Proxy Memory Corruption Vulnerability
BugTraq ID: 4731
Remote: Yes
Date Published: May 13 2002 12:00A
Relevant URL:http://www.securityfocus.com/bid/4731
Summary: tinyproxy HTTP Proxy is a small HTTP proxy.
A vulnerability has been reported in the handling of some invalid proxy
requests by TinyProxy. Under some circumstances, an invalid request may
result in allocated memory being freed twice.

Arbitrary code may be executed if critical values such as function return addresses,
GOT entries, etc., are overwritten.

14. SuSE Shadow File Truncation Vulnerability
BugTraq ID: 4757
Remote: No
Date Published: May 16 2002 12:00A
Relevant URL:http://www.securityfocus.com/bid/4757
Summary: SuSE Linux is a freely available, open source distribution of the Linux
operating system. It is maintained by SuSE. shadow is a set of utilities
for maintaining entries in the /etc/passwd and /etc/shadow files.

A vulnerability has been discovered in the shadow package that ships with
SuSE Linux. It has been reported that a local attacker may be able to
cause data in /etc/passwd and /etc/shadow to be truncated or possibly even
appended to with attacker-supplied data.

At the very least, local users can corrupt vital files. This may result
in a denial of service. Under some circumstances successful exploitation
of this vulnerability may enable a local attacker to elevate privileges,
possibly even gaining root privileges. SuSE has stated that it is not
possible for local attackers to obtain root privileges with the default
configuration of SuSE Linux.

15. CGIScript.net Information Disclosure Vulnerability
BugTraq ID: 4764
Remote: Yes
Date Published: May 17 2002 12:00A
Relevant URL:http://www.securityfocus.com/bid/4764
Summary: CGIScript.net provides various webmaster related tools and is maintained
by Mike Barone and Andy Angrick.
It is possible to cause numerous scripts provided by CGIScript.net to
disclose sensitive system information.
A malformed POST request will cause the host to display debug data in an
error page. As a result, server path information, form input, and
environment variables could be revealed to remote users.
Other types of malformed web requests may also cause this condition to occur.

Path, form input, and environment variable information may aid the
attacker in making further attacks against the host.

Write access to NetPad documents is password-protected. However,
authentication is not required to read the contents of NetPad documents.
Arbitrary web users may request existing documents and view their
contents, causing sensitive information in the documents to be disclosed.

17. Swatch Throttled Event Reporting Vulnerability
BugTraq ID: 4746
Remote: Yes
Date Published: May 15 2002 12:00A
Relevant URL:http://www.securityfocus.com/bid/4746
Summary: Swatch is a freely available, open source log watching utility.
It is available for the Unix and Linux platforms.
Swatch may fail to report activities. The problem is in the design of the
program.

This problem could allow an attacker with knowledge of an event that has
previously occurred and been throttled on a system to reproduce the event
without being noticed by swatch.

A vulnerability has been reported in Phorum that will allow remote
attackers to specify external PHP scripts and potentially execute
commands.

The vulnerability exists in 'plugin.php', 'admin.php' and 'del.php' files
found in the distribution of Phorum version 3.3.2a.
As a consequence, the vulnerable system will interpret the arbitrary
attacker-supplied remote file (such as a PHP script). The remote file may
potentially contain destructive commands that will be executed by the
vulnerable system.

25. GRSecurity Linux Kernel Memory Protection Weakness
BugTraq ID: 4762
Remote: No
Date Published: May 17 2002 12:00A
Relevant URL:http://www.securityfocus.com/bid/4762
Summary: The grsecurity Linux Kernel patch is a source-code patch developed and
maintained by the grsecurity development team.
A design error may allow for attackers to bypass the protection of the
patch.

The patch operates by redirecting the write() system call when it is being
used to write to a memory device. Unfortunately, there are other methods
that can be used to write to system memory (such as mapping the device to
memory using mmap()).
Local attackers with root access may exploit this weakness to modify
kernel data structures or inject backdoor code, evading the protection of
the patch.

26. Gaim Sensitive World Readable Temporary File Vulnerability
BugTraq ID: 4730
Remote: No
Date Published: May 13 2002 12:00A
Relevant URL:http://www.securityfocus.com/bid/4730
Summary: Gaim is a chat client which supports AOL Instant Messenger, ICQ, MSN
Instant Messenger, Yahoo Instant Messenger, Jabber and IRC. Gaim runs on a
number of Unix-based platforms, including Linux.
An issue has been reported in versions of Gaim, which could enable an
unauthorized user to gain access to sensitive files.

A feature exists which enables a user to configure Gaim to check for new
email messages from configured web mail services. This feature runs when
Gaim is started, and creates two /tmp files which are world readable.

Reportedly, these temporary files may include sensitive information,
including authentication credentials for the specified mail service.
This issue has been known to specifically affect Hotmail accounts,
although other configured email web services may be affected. There may be
a limited time window in which this information may be used to
authenticate to Hotmail, possibly based on timeout mechanisms inherent in
Hotmail.

A vulnerability has been announced by the distributors of DNews.
Information concerning this vulnerability is not readily available. It
is, however, possible that this vulnerability is remotely exploitable, as
the distributors of DNews recommend the placement of access control
entries in the dnews.conf configuration file.

Successful exploitation may allow for remote attackers to gain access to
target servers. It has been suggested that this vulnerability affects the
management interface on port 7119, and could result in DNews system
reconfiguration. This is as yet unconfirmed.
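
Entries 9 (uudecode) and 26 (Gaim) above both come down to how a program opens its output or temporary file. The following C program is an added example, not code from SharUtils, Gaim or the advisories: it contrasts a weak open with a hardened one against a constructed symlink. The function names, file names and scratch directory are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: O_CREAT|O_TRUNC follows a pre-planted symlink and truncates
 * its target; mode 0666 leaves the file readable by others under umask 022. */
int open_output_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Hardened: O_EXCL fails if the name already exists (a symlink counts, even
 * a dangling one), O_NOFOLLOW refuses a symlink as the final path component,
 * and 0600 keeps the contents private to the owner. */
int open_output_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario: a scratch directory holds a 6-byte "victim" file and
 * a symlink to it under the output name. Returns the victim's size after the
 * chosen opener has been tried on the symlink, or -1 on setup failure. */
long victim_size_after(int (*opener)(const char *)) {
    char dir[] = "/tmp/tmpdemoXXXXXX", victim[64], out[64];
    struct stat st;
    long size = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(out, sizeof out, "%s/output.tmp", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "secret", 6) == 6 && symlink(victim, out) == 0) {
        int ofd = opener(out);          /* the step under test */
        if (ofd >= 0) close(ofd);
        if (stat(victim, &st) == 0) size = (long)st.st_size;
    }
    if (fd >= 0) close(fd);
    unlink(out); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("weak opener: victim is %ld bytes\n", victim_size_after(open_output_weak));
    printf("safe opener: victim is %ld bytes\n", victim_size_after(open_output_safe));
    return 0;
}
```

For scratch files whose name does not matter, `mkstemp()` gives the same exclusive, owner-only creation with an unpredictable name.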